From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mga11.intel.com (mga11.intel.com [192.55.52.93]) by mx.groups.io with SMTP id smtpd.web08.8974.1617696681350960132 for ; Tue, 06 Apr 2021 01:11:21 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@intel.onmicrosoft.com header.s=selector2-intel-onmicrosoft-com header.b=ajhuBX2T; spf=pass (domain: intel.com, ip: 192.55.52.93, mailfrom: min.m.xu@intel.com) IronPort-SDR: ofwLPN0A5VK31FGLfx8R503mE+G/eYEyPqeOzQ30pmDmcJMKXak2jXcP8EKhykHQbUMhFMUJw0 E1VBXP1yjL0Q== X-IronPort-AV: E=McAfee;i="6000,8403,9945"; a="189803382" X-IronPort-AV: E=Sophos;i="5.81,308,1610438400"; d="scan'208";a="189803382" Received: from orsmga008.jf.intel.com ([10.7.209.65]) by fmsmga102.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 06 Apr 2021 01:11:20 -0700 IronPort-SDR: qNf2OjqE/tZFcEsGz1tzjDqfIT+MOeUia/NKBzeqVOWII+5pNod7mAX8xslmoon3misW6lin9B QYUGAH5C61ZA== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.81,308,1610438400"; d="scan'208";a="421109243" Received: from fmsmsx601.amr.corp.intel.com ([10.18.126.81]) by orsmga008.jf.intel.com with ESMTP; 06 Apr 2021 01:11:19 -0700 Received: from fmsmsx609.amr.corp.intel.com (10.18.126.89) by fmsmsx601.amr.corp.intel.com (10.18.126.81) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2106.2; Tue, 6 Apr 2021 01:11:19 -0700 Received: from fmsmsx609.amr.corp.intel.com (10.18.126.89) by fmsmsx609.amr.corp.intel.com (10.18.126.89) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2106.2; Tue, 6 Apr 2021 01:11:18 -0700 Received: from fmsedg602.ED.cps.intel.com (10.1.192.136) by fmsmsx609.amr.corp.intel.com (10.18.126.89) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2106.2 via Frontend Transport; Tue, 6 Apr 2021 01:11:18 -0700 Received: from NAM12-BN8-obe.outbound.protection.outlook.com (104.47.55.170) by edgegateway.intel.com (192.55.55.71) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2106.2; Tue, 6 Apr 2021 01:11:18 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=dLSTToWtH/acaMAjXsE1I6Y4k4av3kmq64FW0xbVODLT755jt9tpOMuMwwu3VMQNXHh6SqQxBzVVZnHdeNxCfBQnRw5XG7Ql5de7Fi2zNDD/cmhyf25vJU8zxhn8fEZh0RZkrflPrlrm3/GKLZLrkp73ezl6B2OzVXCgYoX75Qye6Bp21ildVgpPRElzoHbxqhcTz34qWE7PwIEEawsKQgrH10n2H1/GcbpkHndTTqFwKRaP+m/mbOzPjZZNhQCEQQIVmpuZ12D5o9MN+6XmBiJxzYQRqh2TSZGkGMRfXatv2vxVVee8Fh03n8QXowf/s1863Ob44MVs/Dz2Yhkz+A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=zk+4Ios5IbruUaT1T0fVfMOI25HcQnZDRgO8NHYcvHg=; b=bb3umatONPi04E3CfbeQnqLrBxyJvyPReKarzKLwEdewES9y54cxVdAlrjvHlyJpWH81nkF1gStc/w/7NOCp7hUaqK/LQuDYAjvVQ/CayJDucVgiFJppLJWPJOXCF+pKW3WlSFdeSeE41jJl1FsXoowFi69GogolJbSuONBwmUNZZrVHizzPhZ/vYuC2ziQCPVUn1E9bDPHwRWIEzIchwLHeUAcM2swLuDs6nDFjqT3Z6BLds4zjzB3ZGPvElShVqmujavLW/dh1d+X2tNn8MeyMfBCoPLqdAnnk/q3o3BQCTaHnu5coW9ZU/qPnEYIJggQTE9rTqfAjtJUjcFwFDw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com; dkim=pass header.d=intel.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=intel.onmicrosoft.com; s=selector2-intel-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=zk+4Ios5IbruUaT1T0fVfMOI25HcQnZDRgO8NHYcvHg=; b=ajhuBX2TxsqkInt4QoqbkuZCcE77Jdw5FNgiQZRNsTvlwcK8NFRB81xvagaw9PAOVQD1cpSxoovDj05uuIbuvu7afNPlMdwqrA+CNx+qTU/fST8kfiUzpWmDhcZyYx5/wKTsPe95myLTqSN4/JqcdGHn+YxTOFy4ZSB3+6WEGDE= Received: from PH0PR11MB5064.namprd11.prod.outlook.com (2603:10b6:510:3b::15) by PH0PR11MB5189.namprd11.prod.outlook.com (2603:10b6:510:3d::23) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3999.29; Tue, 6 Apr 2021 08:11:16 +0000 Received: from PH0PR11MB5064.namprd11.prod.outlook.com ([fe80::a1ff:189a:6570:a842]) by PH0PR11MB5064.namprd11.prod.outlook.com ([fe80::a1ff:189a:6570:a842%6]) with mapi id 15.20.3999.032; Tue, 6 Apr 2021 08:11:16 +0000 From: "Min Xu" To: Brijesh Singh , "devel@edk2.groups.io" CC: James Bottomley , "Yao, Jiewen" , Tom Lendacky , "Justen, Jordan L" , Ard Biesheuvel , Laszlo Ersek Subject: Re: [RFC PATCH 01/19] OvmfPkg: Reserve the Secrets and Cpuid page for the SEV-SNP guest Thread-Topic: [RFC PATCH 01/19] OvmfPkg: Reserve the Secrets and Cpuid page for the SEV-SNP guest Thread-Index: AQHXIMLwt6fB8ZLXIU2+viaz6VyhoqqnLnKA Date: Tue, 6 Apr 2021 08:11:15 +0000 Message-ID: References: <20210324153215.17971-1-brijesh.singh@amd.com> <20210324153215.17971-2-brijesh.singh@amd.com> In-Reply-To: <20210324153215.17971-2-brijesh.singh@amd.com> Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: dlp-product: dlpe-windows dlp-reaction: no-action dlp-version: 11.5.1.3 authentication-results: amd.com; dkim=none (message not signed) header.d=none;amd.com; dmarc=none action=none header.from=intel.com; x-originating-ip: [192.198.147.198] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: c3411ab4-e7bb-499f-8b24-08d8f8d38d08 x-ms-traffictypediagnostic: PH0PR11MB5189: x-ld-processed: 46c98d88-e344-4ed4-8496-4ed7712e255d,ExtAddr x-ms-exchange-transport-forked: True x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:8882; x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: nJiF33APnQcY35yn4B2lAC+rGHCs2nmgVkBZ6gmr+d78c+wJWZhSiIi8699Ngekth+XdWvID1omkgDXctS+9cY+pOx1bGtu6JzEkFCxl3H4M050sG+BKBtQXw/mHIBbVb07ly89PAxTN+dfkJ+OnkyC1ZyGUMvVfoitCGoZdWaijgWtgssSOv+iw39IkOWzy+ZZp+mMPmUwM3+ltj3S5oqY5vHq44fKovFhN4P75iOIzuq9q5wjZuKc/6AVbd8vwDYNGkdEbPoV7LRlZImsAUg9iqrH5lIVwVCotzQEfpgd7AQeqioDeSTke6QqJevhB9kkn9z8T+ThRj6Ke94SC3UJrf8PsTRm3iUHwf+IT2LGw4jkb4WF5y7cAF3Qwd9UeErJzkUh8iLAXJ9+PglSP+82CiTnddQzzdpfAenZOaJHP4qiR+XWfdhupQjFL+UxsS0VWXIH8lQL8zM2SwDIt/XBuJpmzfAju8VWAGtuPWjd2WG2bUl2yL4YXC9F4alTI7+AlnrSauwThptn+j2t97hv7EVFPt51WVrOjn8Ac/i33bcC0/aJFNHbWY5HGulT6RpBiP/gOsxRpt92hY9ZXxuCY4ZGb3FRqQMM13IDZxgTwyDgdduBr1p0RiHe6L8CBWVVggjgBLrvYvXkz5k+tO8NbT4AjGeUM+StHuENLMjlNYejhKhTvRrD55h0cwu+w+U5Fg++RnTpP41YMHM0BRoffl1fygIB1TvoKO5TdSMuuBROLSGiONTFkwStPGV2s x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:PH0PR11MB5064.namprd11.prod.outlook.com;PTR:;CAT:NONE;SFS:(346002)(136003)(376002)(39860400002)(396003)(366004)(8936002)(966005)(478600001)(2906002)(83380400001)(26005)(71200400001)(4326008)(186003)(7696005)(19627235002)(316002)(52536014)(55016002)(53546011)(6506007)(86362001)(110136005)(9686003)(38100700001)(54906003)(5660300002)(76116006)(8676002)(66476007)(66946007)(64756008)(66446008)(66556008)(33656002);DIR:OUT;SFP:1102; x-ms-exchange-antispam-messagedata: =?us-ascii?Q?6gcLEzGTP0gMHQmum2UD7Q0G6nYaCUG35MSiNJralOuqyNu47SuaYTW+yM6Z?= =?us-ascii?Q?Q8dOTWbruJolfERUGUlnz9ALWNHnj6jlWwqbVxG8/Bw3+u3v1TPNXsvoeEU3?= =?us-ascii?Q?XbdPnYaSuC7cbZhlgeB3jFUy1YGn7Srw/IeRm80B9vuDeKAAm77bpp3i2VNe?= =?us-ascii?Q?xV6beEpvkBOH56zR1J6n3ht3/hARH2wOYxNsNUPdtQdBepe1iis8An+XUDFs?= =?us-ascii?Q?E0GCu5VlbpLPqz8INiiwpckDC+ezDqJ+t/aU3Aw3LYEs/M6qmahYDd/sanww?= =?us-ascii?Q?ZXCFvkFa8KbK1wOV6FsRsjGT/BB5IkyMYLai0AQl3l4q/EOOMnimfz5J/DLY?= =?us-ascii?Q?HNJccws80iU+Fl6daboH4ZtnT6aVJ+UHtWxI7SbuJ6y4SDmfHZU/mSnrb/qa?= =?us-ascii?Q?yYjeOV6vwhlqkLHdfedC+p/Dh/4bcxNv6rOvGAiqDhhqh/N/fYZ+/qwltdok?= =?us-ascii?Q?3X0svOq+/XEeXRAmiRCEeHA9CHTwroSe1H+oeqqtVvMb5F5yB64qguaG/ZI1?= =?us-ascii?Q?/ArOuKTdzcxNWJLKsfmPXkB+HbNY/2JhDAB4vA6tRm90HtPsweIqp/NqqPlK?= =?us-ascii?Q?gZZlcBBr3zN25WwQW3ibJkO7omu/nzQaFnrJz4ZREt1h8jTphNFcBGcEM7ba?= =?us-ascii?Q?Z5KMVu/Ppcl6Uqwo7G+mtE7kS6dCa/+LAzbquZ7UyoL9zeqisoD/GAWKbN0w?= =?us-ascii?Q?P2gHw7Uxe+Vi1G0ZN+eQxVxetHMxERiRw56jpuq3DykZd7B+HLPjv8aSQs2r?= =?us-ascii?Q?xVIaHiIyJlrPMVpNTPexTypHK/DkFwoFTI5fRTT0QP6DRXeKkA1mPm9OqnEN?= =?us-ascii?Q?sgmxtsXXY7O/8B38jge19v/FibK09JXCIUpDHQcuP6vwHn4wJ6761+aWT78I?= =?us-ascii?Q?od2mOo2Er5bhgoBZLZjcvEa25D4x/rRE3orX3jS8/O6pn57tqrdcPom8wj43?= =?us-ascii?Q?Hp3EdOL2JDXOXw9lSROjMApQHU4wMyg8Vtu2EWfk9C0qwTtuGWdyv2eGbtF8?= =?us-ascii?Q?FJbA3Ov/fdQfXKiWsWdbll95wTi8DdnkCvp9Sy6XZ7zIYEfNzZPwOgx477Ld?= =?us-ascii?Q?oC/qkfLJzYcxV8107Dp231XcZdGNYI7DFZYjA8MTalzZ71SgRtEsFxS0PCzo?= =?us-ascii?Q?1jITkFcZRKT8zViC7UuxRBsniO05YjpAX7/TMvIFmI5CYO1CUj55jEH7MfCL?= =?us-ascii?Q?16Z7SJGdvPljYsIH14pdqLzbT8cV1XBvLXA2mdTvL1nmNxRNzIGOJ8hgScKS?= =?us-ascii?Q?QhcQ6AhH7LiK3/4efi2SVTmCV/EFJ6oeYrwTIOiMTejDCvD8Sa6GdG3rEIWe?= =?us-ascii?Q?1oNU8+9cqx6bEbsCJibWRtfm?= MIME-Version: 1.0 X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: PH0PR11MB5064.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: c3411ab4-e7bb-499f-8b24-08d8f8d38d08 X-MS-Exchange-CrossTenant-originalarrivaltime: 06 Apr 2021 08:11:16.0024 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: F5uok0vSVOVk48mo0sSjBsXfXezRBt/PmhbLJ8u0XyVMV/mzXCxEOuYA2haIfFTt0oj2BN6okih/Pa64hqxnZA== X-MS-Exchange-Transport-CrossTenantHeadersStamped: PH0PR11MB5189 Return-Path: min.m.xu@intel.com X-OriginatorOrg: intel.com Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Hi, Singh I have a concern about the sevSnpBlock in ResetVectorVtf0.asm. Actually SEV has inserted 3 blocks in ResetVectorVtf0.asm and the total bytes are (26 + 22 + 20 =3D 68 bytes). If sevSnpBlock is added, then the total bytes will be (68 +26 =3D 94 bytes). I am not sure whether there will be more blocks added in ResetVectorVtf0.asm in the future. But I don't think ResetVectorVtf0.asm is a good place to add these data blobs. Can these data be packed into a single file, for example, SevMetadata.asm, then a pointer is inserted in ResetVectorVtf0.asm which then points to the SevMetadata. In this way we can keep ResetVectorVtf0.asm clean, small and straight forward. Another reason is that I am working on the Intel TDX which will update the ResetVectorVtf0.asm as well. My change depends on the assumption that the distance between ResetVector(0xfffffff0) and EarlyBspInitReal16 is less than 128 bytes. The blocks in ResetVectorVtf0.asm make it impossible. Thanks! > -----Original Message----- > From: Brijesh Singh > Sent: Wednesday, March 24, 2021 11:32 PM > To: devel@edk2.groups.io > Cc: Brijesh Singh ; James Bottomley > ; Xu, Min M ; Yao, Jiewen > ; Tom Lendacky ; > Justen, Jordan L ; Ard Biesheuvel > ; Laszlo Ersek > Subject: [RFC PATCH 01/19] OvmfPkg: Reserve the Secrets and Cpuid page fo= r > the SEV-SNP guest >=20 > BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3275 >=20 > During the SEV-SNP guest launch sequence, two special pages need to be > inserted, the secrets page and cpuid page. The secrets page, contain the = VM > platform communication keys. The guest BIOS and OS can use this key to > communicate with the SEV firmware to get the attestation report. The Cpui= d > page, contain the CPUIDs entries filtered through the AMD-SEV firmware. >=20 > The VMM will locate the secrets and cpuid page addresses through a fixed > GUID and pass them to SEV firmware to populate further. > For more information about the page content, see the SEV-SNP spec. >=20 > To simplify the pre-validation range calculation in the next patch, the C= PUID > and Secrets pages are moved to the start of the MEMFD_BASE_ADDRESS. >=20 > Cc: James Bottomley > Cc: Min Xu > Cc: Jiewen Yao > Cc: Tom Lendacky > Cc: Jordan Justen > Cc: Ard Biesheuvel > Cc: Laszlo Ersek > Signed-off-by: Brijesh Singh > --- > OvmfPkg/OvmfPkg.dec | 8 +++++++ > OvmfPkg/OvmfPkgX64.fdf | 24 ++++++++++++-------- > OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm | 19 ++++++++++++++++ > OvmfPkg/ResetVector/ResetVector.inf | 4 ++++ > OvmfPkg/ResetVector/ResetVector.nasmb | 2 ++ > 5 files changed, 48 insertions(+), 9 deletions(-) >=20 > diff --git a/OvmfPkg/OvmfPkg.dec b/OvmfPkg/OvmfPkg.dec index > 4348bb45c6..062926772d 100644 > --- a/OvmfPkg/OvmfPkg.dec > +++ b/OvmfPkg/OvmfPkg.dec > @@ -317,6 +317,14 @@ > gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretBase|0x0|UINT32|0x42 > gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretSize|0x0|UINT32|0x43 >=20 > + ## The base address of the CPUID page used by SEV-SNP > + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpCpuidBase|0|UINT32|0x48 > + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpCpuidSize|0|UINT32|0x49 > + > + ## The base address of the Secrets page used by SEV-SNP > + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsBase|0|UINT32|0x50 > + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsSize|0|UINT32|0x51 > + > [PcdsDynamic, PcdsDynamicEx] > gUefiOvmfPkgTokenSpaceGuid.PcdEmuVariableEvent|0|UINT64|2 >=20 > gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFlashVariablesEnable|FALSE|BOOLEAN > |0x10 > diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf index > d519f85328..ea214600be 100644 > --- a/OvmfPkg/OvmfPkgX64.fdf > +++ b/OvmfPkg/OvmfPkgX64.fdf > @@ -67,27 +67,33 @@ ErasePolarity =3D 1 > BlockSize =3D 0x10000 > NumBlocks =3D 0xD0 >=20 > -0x000000|0x006000 > +0x000000|0x001000 > +gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpCpuidBase|gUefiOvmfPkgTokenS > paceGu > +id.PcdOvmfSnpCpuidSize > + > +0x001000|0x001000 > +gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsBase|gUefiOvmfPkgToken > Space > +Guid.PcdOvmfSnpSecretsSize > + > +0x002000|0x006000 >=20 > gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPageTablesBase|gUefiOvmfPkgTok > enSpaceGuid.PcdOvmfSecPageTablesSize >=20 > -0x006000|0x001000 > +0x008000|0x001000 >=20 > gUefiOvmfPkgTokenSpaceGuid.PcdOvmfLockBoxStorageBase|gUefiOvmfPkgTo > kenSpaceGuid.PcdOvmfLockBoxStorageSize >=20 > -0x007000|0x001000 > +0x009000|0x001000 >=20 > gEfiMdePkgTokenSpaceGuid.PcdGuidedExtractHandlerTableAddress|gUefiOvm > fPkgTokenSpaceGuid.PcdGuidedExtractHandlerTableSize >=20 > -0x008000|0x001000 > +0x00A000|0x001000 >=20 > gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbPageTableBase|gUefiOvmfPkg > TokenSpaceGuid.PcdOvmfSecGhcbPageTableSize >=20 > -0x009000|0x002000 > +0x00B000|0x002000 >=20 > gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBase|gUefiOvmfPkgTokenSpa > ceGuid.PcdOvmfSecGhcbSize >=20 > -0x00B000|0x001000 > - > gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaBase|gUefiCpuPkgTokenSpac > eGuid.PcdSevEsWorkAreaSize > - > -0x00C000|0x001000 > +0x00D000|0x001000 >=20 > gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBackupBase|gUefiOvmfPkgTo > kenSpaceGuid.PcdOvmfSecGhcbBackupSize >=20 > +0x00F000|0x001000 > +gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaBase|gUefiCpuPkgTokenSpa > ceGui > +d.PcdSevEsWorkAreaSize > + > 0x010000|0x010000 >=20 > gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamBase|gUefiOvmfPkgTo > kenSpaceGuid.PcdOvmfSecPeiTempRamSize >=20 > diff --git a/OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm > b/OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm > index 9c0b5853a4..5456f02924 100644 > --- a/OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm > +++ b/OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm > @@ -47,6 +47,25 @@ TIMES (15 - ((guidedStructureEnd - guidedStructureStar= t > + 15) % 16)) DB 0 ; > guidedStructureStart: >=20 > +; > +; SEV-SNP boot support > +; > +; sevSnpBlock: > +; For the initial boot of SEV-SNP guest, a Secrets and CPUID page must= be > +; reserved by the BIOS at a RAM area defined by SEV_SNP_SECRETS_PAGE > +; and SEV_SNP_CPUID_PAGE. A VMM will locate this information using the > +; SEV-SNP boot block. > +; > +; GUID (SEV-SNP boot block): bd39c0c2-2f8e-4243-83e8-1b74cebcb7d9 > +; > +sevSnpBootBlockStart: > + DD SEV_SNP_SECRETS_PAGE > + DD SEV_SNP_CPUID_PAGE > + DW sevSnpBootBlockEnd - sevSnpBootBlockStart > + DB 0xC2, 0xC0, 0x39, 0xBD, 0x8e, 0x2F, 0x43, 0x42 > + DB 0x83, 0xE8, 0x1B, 0x74, 0xCE, 0xBC, 0xB7, 0xD9 > +sevSnpBootBlockEnd: > + > ; > ; SEV Secret block > ; > diff --git a/OvmfPkg/ResetVector/ResetVector.inf > b/OvmfPkg/ResetVector/ResetVector.inf > index dc38f68919..d890bb6b29 100644 > --- a/OvmfPkg/ResetVector/ResetVector.inf > +++ b/OvmfPkg/ResetVector/ResetVector.inf > @@ -37,6 +37,10 @@ > gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaBase > gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBase > gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbSize > + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpCpuidBase > + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpCpuidSize > + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsBase > + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsSize > gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbPageTableBase > gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbPageTableSize > gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPageTablesBase > diff --git a/OvmfPkg/ResetVector/ResetVector.nasmb > b/OvmfPkg/ResetVector/ResetVector.nasmb > index 5fbacaed5f..2c194958f4 100644 > --- a/OvmfPkg/ResetVector/ResetVector.nasmb > +++ b/OvmfPkg/ResetVector/ResetVector.nasmb > @@ -75,6 +75,8 @@ > %define SEV_ES_WORK_AREA (FixedPcdGet32 (PcdSevEsWorkAreaBase)) > %define SEV_ES_WORK_AREA_RDRAND (FixedPcdGet32 > (PcdSevEsWorkAreaBase) + 8) > %define SEV_ES_WORK_AREA_ENC_MASK (FixedPcdGet32 > (PcdSevEsWorkAreaBase) + 16) > + %define SEV_SNP_SECRETS_PAGE FixedPcdGet32 (PcdOvmfSnpSecretsBase) > + %define SEV_SNP_CPUID_PAGE FixedPcdGet32 (PcdOvmfSnpCpuidBase) > %define SEV_ES_VC_TOP_OF_STACK (FixedPcdGet32 > (PcdOvmfSecPeiTempRamBase) + FixedPcdGet32 > (PcdOvmfSecPeiTempRamSize)) %include "Ia32/Flat32ToFlat64.asm" > %include "Ia32/PageTables64.asm" > -- > 2.17.1